Contribute Media
A thank you to everyone who makes this possible: Read More

Deceptive Security using Python

Translations: en

Description

Gajendra Deshpande

https://2020.pycon.org.au/program/GGGTVY

Imagine you are passing through an unknown street at midnight and you find that some anti-social elements are following you. To save yourself from them you start running and look for a safe place to hide yourself. On the way, you will find a good person and request the person to help you. The person hides you in the secure place to protect you. When these anti-social elements visit a good person’s place and enquire about you, the good person misguides them and redirects them to some other place in order to protect you. This is exactly how deception works. In this analogy, YOU are the resources to be protected, anti-social elements are the hackers who want to gain access to the resources, and a good person is a deception technique that protects the resources from hackers by making them fall in the trap.

How we implemented deception tool in python using machine learning We designed a deception tool in python language using PyBRAIN package to model and mitigate XPath injection attacks for web services. It is known that XML can be used to store the data and this data can be queried using XPath query language. XPath as a query language, it has injection issues similar to SQL. To handle this issue, we proposed a solution, which uses count-based validation technique and Long Short-Term Memory (LSTM) modular neural networks to identify and classify atypical behavior in user input. Once the atypical user input is identified, the attacker is redirected to fake resources to protect the critical data. Our experiment resulted in over 90% accuracy in classification of input vectors.

Produced by NDV: https://youtube.com/channel/UCQ7dFBzZGlBvtU2hCecsBBg?sub_confirmation=1

Python, PyCon, PyConAU, PyConline

Fri Sep 4 13:20:00 2020 at Python 2

Improve this page